Description
This article describes how FortiGate uses the Automation function with a webhook to send a message to a Slack channel, and how to customize the information written to the event log/syslog.
More information on the Webhook action: Webhook action
Solution
- Create New Automation:

- Give the new automation stitch a name:

- Select a Trigger method

- Select an Event


- Select an Action:

- Enter the Slack Channel Information


- For the test, generate an 'Admin login failed' event:




FGT # diagnose debug app autod -1
Debug messages will be on for 30 minutes.
FGT # diagnose debug enable
FGT # auto_generate_generic_curl_request()-302: Generating generic automation CURL request for action (webhook2slack).
auto_generate_generic_curl_request()-350: Generic automation CURL request POST data for action (webhook2slack):
{"text": "This is for user - admin login failed as log reason - passwd_invalid, ui = ssh(10.48.48.131) log method - ssh from log srcip - 10.48.48.131 , msg - Administrator admin login failed from ssh(10.48.48.131) because of invalid password"}
auto_generate_generic_curl_request()-400: Generic automation CURL request Host header: hooks.slack.com
auto_generic_curl_request_close()-476: Generic CURL request response body from https://hooks.slack.com/services/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ok
Where the HTTP body parameters come from:

See the FortiOS log reference:
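An added example (not part of the original article and not Fortinet code): a local preview of how `%%log.<field>%%` placeholders in the webhook HTTP body map to fields of the triggering log. The log line and the template are constructed to reproduce the POST data shown in the debug output above; dropping placeholders that have no matching field is this sketch's own choice, not documented FortiOS behaviour.

```python
import json
import re

# Constructed sample of an 'Admin login failed' event log (key=value pairs).
SAMPLE_LOG = (
    'type="event" subtype="system" logdesc="Admin login failed" user="admin" '
    'ui="ssh(10.48.48.131)" method="ssh" srcip=10.48.48.131 status="failed" '
    'reason="passwd_invalid" msg="Administrator admin login failed from '
    'ssh(10.48.48.131) because of invalid password"'
)

# Assumed HTTP body text; each %%log.<field>%% names a field of the log above.
TEMPLATE = (
    "This is for user - %%log.user%% login failed as log reason - "
    "%%log.reason%%, ui = %%log.ui%% log method - %%log.method%% "
    "from log srcip - %%log.srcip%% , msg - %%log.msg%%"
)

FIELD_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
PLACEHOLDER_RE = re.compile(r"%%log\.(\w+)%%")


def parse_log(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields


def render_body(template, fields):
    """Fill the placeholders; return (JSON body, names with no log field)."""
    missing = []

    def fill(m):
        if m.group(1) not in fields:
            missing.append(m.group(1))
            return ""
        return fields[m.group(1)]

    text = PLACEHOLDER_RE.sub(fill, template)
    # json.dumps escapes quotes and backslashes so the body stays valid JSON.
    return json.dumps({"text": text}), missing


if __name__ == "__main__":
    body, missing = render_body(TEMPLATE, parse_log(SAMPLE_LOG))
    print(body, missing)
```

A non-empty `missing` list flags a placeholder name that does not exist in the chosen log type, which is worth checking against the log reference before saving the action.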


Some older versions, such as v6.0.5, may return an HTTP 400 error; upgrade to at least v6.2.2.